privilegedescalation-engineer[bot]
836e50fa9c
The shared plugin-e2e.yaml workflow lacks a Get kubeconfig step. The ARC runner (runners-privilegedescalation) has no static kubeconfig at any expected path (/runner/config, ~/.kube/config). It DOES have an in-cluster service account at /var/run/secrets/kubernetes.io/serviceaccount/token. This fix adds the same three-tier kubeconfig detection used in headlamp-polaris-plugin#144: 1. /runner/config (not present on this runner) 2. ~/.kube/config (not present on this runner) 3. Generate from in-cluster service account credentials This unbreaks E2E for all plugins using the shared workflow: - headlamp-argocd-plugin - headlamp-kube-vip-plugin - headlamp-tns-csi-plugin Co-authored-by: Chris Farhood <chris@farhood.org> Co-authored-by: Paperclip <noreply@paperclip.ing>
133 lines
4.2 KiB
YAML
133 lines
4.2 KiB
YAML
name: Plugin E2E Tests
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
node-version:
|
|
description: 'Node.js version to use'
|
|
required: false
|
|
type: string
|
|
default: '22'
|
|
headlamp-version:
|
|
description: 'Headlamp version to deploy for E2E testing'
|
|
required: false
|
|
type: string
|
|
default: 'v0.40.1'
|
|
|
|
jobs:
|
|
e2e:
|
|
runs-on: runners-privilegedescalation
|
|
timeout-minutes: 15
|
|
|
|
env:
|
|
E2E_NAMESPACE: headlamp-dev
|
|
E2E_RELEASE: headlamp-e2e
|
|
HEADLAMP_VERSION: ${{ inputs.headlamp-version }}
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v6
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v6
|
|
with:
|
|
node-version: ${{ inputs.node-version }}
|
|
cache: 'npm'
|
|
|
|
- name: Setup kubectl
|
|
uses: azure/setup-kubectl@v4
|
|
|
|
- name: Get kubeconfig
|
|
run: |
|
|
set -euo pipefail
|
|
in_cluster=false
|
|
if [ -f /var/run/secrets/kubernetes.io/serviceaccount/token ]; then
|
|
in_cluster=true
|
|
fi
|
|
if [ -f /runner/config ]; then
|
|
echo "KUBECONFIG=/runner/config" >> "$GITHUB_ENV"
|
|
elif [ -f /home/runner/.kube/config ]; then
|
|
echo "KUBECONFIG=/home/runner/.kube/config" >> "$GITHUB_ENV"
|
|
elif [ -f "${HOME:-}/.kube/config" ]; then
|
|
echo "KUBECONFIG=${HOME:-}/.kube/config" >> "$GITHUB_ENV"
|
|
elif [ "$in_cluster" = true ]; then
|
|
KUBECFG_DIR="${HOME:-}/.kube"
|
|
mkdir -p "$KUBECFG_DIR"
|
|
kubectl config set-cluster in-cluster \
|
|
--server="https://${KUBERNETES_SERVICE_HOST:-kubernetes.default.svc}:${KUBERNETES_SERVICE_PORT:-443}" \
|
|
--certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
|
|
--embed-certs=true \
|
|
--kubeconfig="$KUBECFG_DIR/config" 2>&1
|
|
kubectl config set-credentials in-cluster \
|
|
--token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
|
|
--kubeconfig="$KUBECFG_DIR/config" 2>&1
|
|
kubectl config set-context in-cluster \
|
|
--cluster=in-cluster \
|
|
--user=in-cluster \
|
|
--kubeconfig="$KUBECFG_DIR/config" 2>&1
|
|
kubectl config use-context in-cluster \
|
|
--kubeconfig="$KUBECFG_DIR/config" 2>&1
|
|
echo "KUBECONFIG=$KUBECFG_DIR/config" >> "$GITHUB_ENV"
|
|
else
|
|
echo "::error::No kubeconfig found"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Build plugin
|
|
run: npx @kinvolk/headlamp-plugin build
|
|
|
|
- name: Deploy E2E Headlamp instance
|
|
run: scripts/deploy-e2e-headlamp.sh
|
|
|
|
- name: Load E2E environment
|
|
run: |
|
|
if [ -f .env.e2e ]; then
|
|
cat .env.e2e >> "$GITHUB_ENV"
|
|
else
|
|
echo "::error::deploy-e2e-headlamp.sh did not produce .env.e2e"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Install Playwright browsers
|
|
run: npx playwright install --with-deps chromium
|
|
|
|
- name: Run E2E tests
|
|
run: npm run e2e
|
|
env:
|
|
HEADLAMP_URL: ${{ env.HEADLAMP_URL }}
|
|
HEADLAMP_TOKEN: ${{ env.HEADLAMP_TOKEN }}
|
|
|
|
- name: Collect deployment diagnostics on failure
|
|
if: failure()
|
|
run: |
|
|
echo "=== Pod state ==="
|
|
kubectl get pods -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" 2>&1 || true
|
|
echo "=== Pod describe ==="
|
|
kubectl describe pods -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" 2>&1 || true
|
|
echo "=== Recent namespace events ==="
|
|
kubectl get events -n "$E2E_NAMESPACE" --sort-by='.lastTimestamp' 2>&1 | tail -20 || true
|
|
|
|
- name: Teardown E2E instance
|
|
if: always()
|
|
run: scripts/teardown-e2e-headlamp.sh
|
|
|
|
- name: Upload Playwright report
|
|
uses: actions/upload-artifact@v7
|
|
if: failure()
|
|
with:
|
|
name: playwright-report
|
|
path: playwright-report/
|
|
retention-days: 7
|
|
|
|
- name: Upload test results
|
|
uses: actions/upload-artifact@v7
|
|
if: failure()
|
|
with:
|
|
name: test-results
|
|
path: test-results/
|
|
retention-days: 7
|
|
|